Firewalls: Re: C-class net, netmask 255.255.255.128 = trouble?

Firewalls
(September 1996)

Indexed By Thread: [Previous] [Next]

Subject:	Re: C-class net, netmask 255.255.255.128 = trouble?
From:	Chris Garrigues <cwg @ DeepEddy . Com>
Date:	Thu, 19 Sep 1996 23:05:19 -0500
To:	Mikael Suokas <csuokas @ cc . hut . fi>
Cc:	firewalls @ GreatCircle . COM, cwg @ deepeddy . DeepEddy . Com
In-reply-to:	Your message of "Thu, 19 Sep 1996 20:24:16 +0300." <Pine . OSF . 3 . 93 . 960919195227 . 8840F-100000 @ alpha . hut . fi>

I was in a similar situation and did exactly what you're proposing to do.

My opinion is that the preservation and extension of this is less useful than 
rfc950 claims.  Except for systems that explicitly check for and disallow this 
case, I'm not aware of any software that breaks as a result.  (Actually, I 
heard that there was a problem with some versions of SunOS, but since that's 
the OS that thought that the broadcast address was all zeros, we can't really 
use it as the reference port, can we?)

Cisco requires that you disable this check explicitly, but it then works like 
a charm.

Chris

-- 
Chris Garrigues                    O-              cwg @
 DeepEddy .
 Com
  Deep Eddy Internet Consulting                     +1 512 432 4046
  609 Deep Eddy Avenue
  Austin, TX  78703-4513              http://www.DeepEddy.Com/~cwg/

Attachment: pgpoJpRw93rDn.pgp
Description: PGP signature

References:

C-class net, netmask 255.255.255.128 = trouble?
From: Mikael Suokas <csuokas @ cc . hut . fi>

Indexed By Date	Previous:	IPX Firewall? From: Bill Husler <Bill @ Husler . xo . com>
Indexed By Date	Next:	Re: viruswalls & firewalls From: "Tracy R. Reed" <treed @ straylight . connectnet . com>
Indexed By Thread	Previous:	Re: C-class net, netmask 255.255.255.128 = trouble? From: Leonard Miyata <leonard @ geminisecure . com>
Indexed By Thread	Next:	Re: C-class net, netmask 255.255.255.128 = trouble? From: Charles Ragan <ragan @ INS . COM>